Compartilhar via


Convert-MgBetaUserExternalToInternalMemberUser

Convert an externally authenticated user into an internal user. The user is able to sign into the host tenant as an internal user and access resources as a member. For more information about this conversion, see Convert external users to internal users.

Syntax

Convert-MgBetaUserExternalToInternalMemberUser
       -UserId <String>
       [-ResponseHeadersVariable <String>]
       [-AdditionalProperties <Hashtable>]
       [-Mail <String>]
       [-PasswordProfile <IMicrosoftGraphPasswordProfile>]
       [-UserPrincipalName <String>]
       [-Headers <IDictionary>]
       [-ProgressAction <ActionPreference>]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]
Convert-MgBetaUserExternalToInternalMemberUser
       -UserId <String>
       -Body <IComponents189ZsniRequestbodiesConvertexternaltointernalmemberuserrequestbodyContentApplicationJsonSchema>
       [-ResponseHeadersVariable <String>]
       [-Headers <IDictionary>]
       [-ProgressAction <ActionPreference>]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]
Convert-MgBetaUserExternalToInternalMemberUser
       -InputObject <IUsersActionsIdentity>
       [-ResponseHeadersVariable <String>]
       [-AdditionalProperties <Hashtable>]
       [-Mail <String>]
       [-PasswordProfile <IMicrosoftGraphPasswordProfile>]
       [-UserPrincipalName <String>]
       [-Headers <IDictionary>]
       [-ProgressAction <ActionPreference>]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]
Convert-MgBetaUserExternalToInternalMemberUser
       -InputObject <IUsersActionsIdentity>
       [-ResponseHeadersVariable <String>]
       -BodyParameter <IComponents189ZsniRequestbodiesConvertexternaltointernalmemberuserrequestbodyContentApplicationJsonSchema>
       [-Headers <IDictionary>]
       [-ProgressAction <ActionPreference>]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]

Description

Convert an externally authenticated user into an internal user. The user is able to sign into the host tenant as an internal user and access resources as a member. For more information about this conversion, see Convert external users to internal users.

Permissions

Permission type Least privileged permissions Higher privileged permissions
Delegated (work or school account) User-ConvertToInternal.ReadWrite.All User.ReadWrite.All
Delegated (personal Microsoft account) Not supported. Not supported.
Application User-ConvertToInternal.ReadWrite.All User.ReadWrite.All

Examples

Example 1: Convert a cloud user and require them to reset their password on next sign in

Import-Module Microsoft.Graph.Beta.Users.Actions

$params = @{
	userPrincipalName = "AdeleVance@contoso.com"
	passwordProfile = @{
		password = "Zdi087#2jhkahf"
		forceChangePasswordNextSignIn = "true"
	}
}

Convert-MgBetaUserExternalToInternalMemberUser -UserId $userId -BodyParameter $params

This example will convert a cloud user and require them to reset their password on next sign in

Example 2: Convert a cloud user, change their mail address, and require password reset on next sign in

Import-Module Microsoft.Graph.Beta.Users.Actions

$params = @{
	userPrincipalName = "AdeleVance@contoso.com"
	passwordProfile = @{
		password = "Zdi087#2jhkahf"
		forceChangePasswordNextSignIn = "true"
	}
	mail = "AdeleV@contoso.com"
}

Convert-MgBetaUserExternalToInternalMemberUser -UserId $userId -BodyParameter $params

This example will convert a cloud user, change their mail address, and require password reset on next sign in

Example 3: Convert external User to internal for a user synchronized from on-premises AD

Import-Module Microsoft.Graph.Beta.Users.Actions

Convert-MgBetaUserExternalToInternalMemberUser -UserId $userId

This example will convert external user to internal for a user synchronized from on-premises ad

Parameters

-AdditionalProperties

Additional Parameters

Type:Hashtable
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Body

. To construct, see NOTES section for BODY properties and create a hash table.

Type:IComponents189ZsniRequestbodiesConvertexternaltointernalmemberuserrequestbodyContentApplicationJsonSchema
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-BodyParameter

. To construct, see NOTES section for BODYPARAMETER properties and create a hash table.

Type:IComponents189ZsniRequestbodiesConvertexternaltointernalmemberuserrequestbodyContentApplicationJsonSchema
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Headers

Optional headers that will be added to the request.

Type:IDictionary
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-InputObject

Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table.

Type:IUsersActionsIdentity
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Mail

.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PasswordProfile

passwordProfile To construct, see NOTES section for PASSWORDPROFILE properties and create a hash table.

Type:IMicrosoftGraphPasswordProfile
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ProgressAction

{{ Fill ProgressAction Description }}

Type:ActionPreference
Aliases:proga
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ResponseHeadersVariable

Optional Response Headers Variable.

Type:String
Aliases:RHV
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-UserId

The unique identifier of user

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-UserPrincipalName

.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

Microsoft.Graph.Beta.PowerShell.Models.IComponents189ZsniRequestbodiesConvertexternaltointernalmemberuserrequestbodyContentApplicationJsonSchema

Microsoft.Graph.Beta.PowerShell.Models.IUsersActionsIdentity

System.Collections.IDictionary

Outputs

Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphConversionUserDetails

Notes

COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

BODY <IComponents189ZsniRequestbodiesConvertexternaltointernalmemberuserrequestbodyContentApplicationJsonSchema>: .

  • [(Any) <Object>]: This indicates any property can be added to this object.
  • [Mail <String>]:
  • [PasswordProfile <IMicrosoftGraphPasswordProfile>]: passwordProfile
    • [(Any) <Object>]: This indicates any property can be added to this object.
    • [ForceChangePasswordNextSignIn <Boolean?>]: true if the user must change their password on the next sign-in; otherwise false. If not set, default is false.
    • [ForceChangePasswordNextSignInWithMfa <Boolean?>]: If true, at next sign-in, the user must perform a multifactor authentication (MFA) before being forced to change their password. The behavior is identical to forceChangePasswordNextSignIn except that the user is required to first perform a multifactor authentication before password change. After a password change, this property will be automatically reset to false. If not set, default is false.
    • [Password <String>]: The password for the user. This property is required when a user is created. It can be updated, but the user will be required to change the password on the next sign-in. The password must satisfy minimum requirements as specified by the user's passwordPolicies property. By default, a strong password is required.
  • [UserPrincipalName <String>]:

BODYPARAMETER <IComponents189ZsniRequestbodiesConvertexternaltointernalmemberuserrequestbodyContentApplicationJsonSchema>: .

  • [(Any) <Object>]: This indicates any property can be added to this object.
  • [Mail <String>]:
  • [PasswordProfile <IMicrosoftGraphPasswordProfile>]: passwordProfile
    • [(Any) <Object>]: This indicates any property can be added to this object.
    • [ForceChangePasswordNextSignIn <Boolean?>]: true if the user must change their password on the next sign-in; otherwise false. If not set, default is false.
    • [ForceChangePasswordNextSignInWithMfa <Boolean?>]: If true, at next sign-in, the user must perform a multifactor authentication (MFA) before being forced to change their password. The behavior is identical to forceChangePasswordNextSignIn except that the user is required to first perform a multifactor authentication before password change. After a password change, this property will be automatically reset to false. If not set, default is false.
    • [Password <String>]: The password for the user. This property is required when a user is created. It can be updated, but the user will be required to change the password on the next sign-in. The password must satisfy minimum requirements as specified by the user's passwordPolicies property. By default, a strong password is required.
  • [UserPrincipalName <String>]:

INPUTOBJECT <IUsersActionsIdentity>: Identity Parameter

  • [AccessReviewInstanceId <String>]: The unique identifier of accessReviewInstance
  • [AccessReviewStageId <String>]: The unique identifier of accessReviewStage
  • [AppLogCollectionRequestId <String>]: The unique identifier of appLogCollectionRequest
  • [AuthenticationMethodId <String>]: The unique identifier of authenticationMethod
  • [CalendarId <String>]: The unique identifier of calendar
  • [ChatId <String>]: The unique identifier of chat
  • [ChatMessageId <String>]: The unique identifier of chatMessage
  • [ChatMessageId1 <String>]: The unique identifier of chatMessage
  • [CloudPcId <String>]: The unique identifier of cloudPC
  • [ContactFolderId <String>]: The unique identifier of contactFolder
  • [ContactFolderId1 <String>]: The unique identifier of contactFolder
  • [ContactId <String>]: The unique identifier of contact
  • [ContentTypeId <String>]: The unique identifier of contentType
  • [DeviceEnrollmentConfigurationId <String>]: The unique identifier of deviceEnrollmentConfiguration
  • [DeviceLogCollectionResponseId <String>]: The unique identifier of deviceLogCollectionResponse
  • [DocumentSetVersionId <String>]: The unique identifier of documentSetVersion
  • [DriveId <String>]: The unique identifier of drive
  • [DriveItemId <String>]: The unique identifier of driveItem
  • [DriveItemVersionId <String>]: The unique identifier of driveItemVersion
  • [EventId <String>]: The unique identifier of event
  • [EventId1 <String>]: The unique identifier of event
  • [JoinWebUrl <String>]: Alternate key of onlineMeeting
  • [ListItemId <String>]: The unique identifier of listItem
  • [ListItemVersionId <String>]: The unique identifier of listItemVersion
  • [MailFolderId <String>]: The unique identifier of mailFolder
  • [MailFolderId1 <String>]: The unique identifier of mailFolder
  • [ManagedDeviceId <String>]: The unique identifier of managedDevice
  • [MessageId <String>]: The unique identifier of message
  • [MobileAppTroubleshootingEventId <String>]: The unique identifier of mobileAppTroubleshootingEvent
  • [NotebookId <String>]: The unique identifier of notebook
  • [OnenotePageId <String>]: The unique identifier of onenotePage
  • [OnenoteSectionId <String>]: The unique identifier of onenoteSection
  • [OnlineMeetingId <String>]: The unique identifier of onlineMeeting
  • [OutlookTaskFolderId <String>]: The unique identifier of outlookTaskFolder
  • [OutlookTaskGroupId <String>]: The unique identifier of outlookTaskGroup
  • [OutlookTaskId <String>]: The unique identifier of outlookTask
  • [PermissionId <String>]: The unique identifier of permission
  • [PlannerPlanId <String>]: The unique identifier of plannerPlan
  • [SensitivityLabelId <String>]: The unique identifier of sensitivityLabel
  • [SubscriptionId <String>]: The unique identifier of subscription
  • [TeamsAppInstallationId <String>]: The unique identifier of teamsAppInstallation
  • [TodoTaskId <String>]: The unique identifier of todoTask
  • [TodoTaskListId <String>]: The unique identifier of todoTaskList
  • [UserId <String>]: The unique identifier of user

PASSWORDPROFILE <IMicrosoftGraphPasswordProfile>: passwordProfile

  • [(Any) <Object>]: This indicates any property can be added to this object.
  • [ForceChangePasswordNextSignIn <Boolean?>]: true if the user must change their password on the next sign-in; otherwise false. If not set, default is false.
  • [ForceChangePasswordNextSignInWithMfa <Boolean?>]: If true, at next sign-in, the user must perform a multifactor authentication (MFA) before being forced to change their password. The behavior is identical to forceChangePasswordNextSignIn except that the user is required to first perform a multifactor authentication before password change. After a password change, this property will be automatically reset to false. If not set, default is false.
  • [Password <String>]: The password for the user. This property is required when a user is created. It can be updated, but the user will be required to change the password on the next sign-in. The password must satisfy minimum requirements as specified by the user's passwordPolicies property. By default, a strong password is required.